zephyrproject-rtos — Vulnerabilities & Security Advisories (119)

Browse all 119 CVE security advisories affecting zephyrproject-rtos. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zephyr Project is an open-source real-time operating system designed for constrained, resource-limited devices, primarily serving the Internet of Things and embedded systems sectors. It supports a wide range of hardware architectures, enabling developers to build secure, scalable applications for wearables, medical devices, and industrial sensors. Historically, the codebase has exhibited vulnerabilities typical of complex C-based systems, including buffer overflows, use-after-free errors, and improper input validation, which can lead to remote code execution or privilege escalation. While no single catastrophic incident has defined its history, the high volume of recorded CVEs highlights the challenges of maintaining security in a rapidly evolving, community-driven project. The RTOS relies on rigorous code review and automated testing to mitigate risks, yet its widespread adoption in critical infrastructure necessitates continuous vigilance against exploitation of memory safety flaws and configuration weaknesses.

Top products by zephyrproject-rtos: zephyr
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-1677 | net: TLS 1.2 connections allowed on TLS 1.3 sockets — Zephyr | CWE-757 | 5.3 | Medium | 2026-05-11 |
| CVE-2026-5590 | net: ip/tcp: Null pointer dereference can be triggered by a race condition — Zephyr | CWE-476 | 6.4 | Medium | 2026-04-05 |
| CVE-2026-1679 | net: eswifi socket send payload length not bounded — Zephyr | CWE-120 | 7.3 | High | 2026-03-27 |
| CVE-2026-4179 | stm32: usb: Infinite while loop in Interrupt Handler — Zephyr | CWE-835 | 6.1 | Medium | 2026-03-14 |
| CVE-2026-0849 | crypto: ATAES132A response length allows stack buffer overflow — Zephyr | CWE-120 | 3.8 | Low | 2026-03-14 |
| CVE-2026-1678 | dns: memory-safety issue in the DNS name parser — Zephyr | CWE-787 | 9.4 | Critical | 2026-03-05 |
| CVE-2025-12899 | net: icmp: Out of bound memory read — Zephyr | CWE-843 | 6.5 | Medium | 2026-01-30 |
| CVE-2025-12035 | Bluetooth: Integer Overflow in Bluetooth Classic (BR/EDR) L2CAP — Zephyr | CWE-190 | 6.5 | Medium | 2025-12-15 |
| CVE-2025-9557 | Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont — Zephyr | CWE-120 | 7.6 | High | 2025-11-26 |
| CVE-2025-9558 | Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start — Zephyr | CWE-120 | 7.6 | High | 2025-11-26 |
| CVE-2025-9408 | Userspace privilege escalation vulnerability on Cortex M — Zephyr | CWE-270 | 8.2 | High | 2025-11-11 |
| CVE-2025-12890 | Bluetooth: peripheral: Invalid handling of malformed connection request — Zephyr | CWE-703 | 6.5 | Medium | 2025-11-07 |
| CVE-2025-10456 | Bluetooth: Semi-Arbitrary ability to make the BLE Target send disconnection requests — Zephyr | CWE-190 | 7.1 | High | 2025-09-19 |
| CVE-2025-10458 | Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values — Zephyr | CWE-130 | 7.6 | High | 2025-09-19 |
| CVE-2025-7403 | Bluetooth: bt_conn_tx_processor unsafe handling — Zephyr | CWE-123 | 7.6 | High | 2025-09-19 |
| CVE-2025-10457 | Bluetooth: Out-Of-Context le_conn_rsp Handling — Zephyr | CWE-358 | 4.3 | Medium | 2025-09-19 |
| CVE-2025-2962 | Infinite loop in dns_copy_qname — Zephyr | CWE-835 | 8.2 | High | 2025-06-24 |
| CVE-2025-1675 | Out of bounds read in dns_copy_qname — Zephyr | CWE-125 | 8.2 | High | 2025-02-25 |
| CVE-2025-1674 | Out of bounds read when unpacking DNS answers — Zephyr | CWE-125 | 8.2 | High | 2025-02-25 |
| CVE-2025-1673 | Out of bounds read when calling crc16_ansi and strlen in dns_validate_msg — Zephyr | CWE-125 | 8.2 | High | 2025-02-25 |
| CVE-2024-10395 | net: lib: http_server: Buffer Under-read — Zephyr | CWE-127 | 8.6 | High | 2025-02-03 |
| CVE-2024-8798 | Bluetooth: classic: avdtp: missing buffer length check — Zephyr | CWE-122 | 7.5 | High | 2024-12-15 |
| CVE-2024-11263 | arch: riscv: userspace: potential security risk when CONFIG_RISCV_GP=y — Zephyr | CWE-270 | 9.4 | Critical | 2024-11-15 |
| CVE-2024-6444 | Bluetooth: ots: missing buffer length check — Zephyr | CWE-122 | 6.3 | Medium | 2024-10-04 |
| CVE-2024-6443 | zephyr: out-of-bound read in utf8_trunc — Zephyr | CWE-125 | 6.3 | Medium | 2024-10-04 |
| CVE-2024-6442 | Bluetooth: ASCS Unchecked tailroom of the response buffer — Zephyr | CWE-787 | 6.3 | Medium | 2024-10-04 |
| CVE-2024-6259 | BT: HCI: adv_ext_report Improper discarding in adv_ext_report — Zephyr | CWE-787 | 7.6 | High | 2024-09-13 |
| CVE-2024-6137 | BT: Classic: SDP OOB access in get_att_search_list — Zephyr | CWE-121 | 7.6 | High | 2024-09-13 |
| CVE-2024-6135 | BT: Classic: Multiple missing buf length checks — Zephyr | CWE-122 | 7.6 | High | 2024-09-13 |
| CVE-2024-5931 | BT: Unchecked user input in bap_broadcast_assistant — Zephyr | CWE-1284 | 6.3 | Medium | 2024-09-13 |

This page lists every published CVE security advisory associated with zephyrproject-rtos. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.